Use bootstrap tokens provisioned by ansible for K3s instead of persistent tokens in cloud-init metadata #589

Open
wants to merge 8 commits into
base: main

wtripp180901
Contributor

Server now generates a short-lived bootstrap token which nodes use for initial connection/auth. Performed in site.yml rather than ansible-init. Tokens no longer need to be generated by ansible, but consistent node passwords are needed (previously we were using the ansible-generated token for this) so added to the secret store.

@wtripp180901 wtripp180901 requested a review from a team as a code owner February 19, 2025 09:36

@sd109
Member

sd109 commented Feb 19, 2025

@wtripp180901 Do we also need to update this table in the compute-init README as a result of this change?

Do we have a plan yet for how to get nodes to rejoin the k3s cluster after a compute-init driven rebuild? Is it even possible with this bootstrap token approach?

@sjpb
Collaborator

sjpb commented Feb 19, 2025

@sd109

> Do we have a plan yet for how to get nodes to rejoin the k3s cluster after a compute-init driven rebuild? Is it even possible with this bootstrap token approach?

Yeah I think so, we discussed it the other day. The RebootProgram will have to generate a new token, that will be distributed by 🪄 (i.e. however we distribute other secrets), then the node picks it up on boot.

A failure to provision a new token results in RebootProgram failing and the node being marked down (unless we do something to handle that), so I think that will work.

@sjpb sjpb changed the title from "K3s now uses bootstrap tokens instead of cloud-init metadata" to "Use bootstrap tokens provisioned by ansible for K3s instead of persistent tokens in cloud-init metadata" Feb 19, 2025

@wtripp180901 wtripp180901 requested a review from sjpb February 21, 2025 10:25